Dragii nostrii Florin si Emi |

Recent Comments

Loading....

Loading....

Apocalipsa dupa Nemessis in (103 Visits)
Ce servicii de mail folositi? in (42 Visits)
This is the end in (28 Visits)
Hackersblog.org is now blog.rstcenter.com in (27 Visits)
Short news in (22 Visits)
La multi ani România, la multi ani românilor in (22 Visits)
Azi este ziua userilor hackersblog.org in (15 Visits)
Raportare vulnerabilitati in (14 Visits)
Inca o pierdere de timp in (14 Visits)
Update in (11 Visits)
Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (313 Visits)
Hi5.com coders read this in (37 Visits)
SMS scam (1) in (28 Visits)
Phishing Bancpost in (12 Visits)
Dezinformare sau proasta informare? in (10 Visits)
Si tentativele de phishing pot fi amuzante in (9 Visits)
Phishing Raiffeisen cu atasament html in (6 Visits)
Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (96 Visits)
[Utilitare] Suna gratis de pe internet sau de pe iPhone in (54 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (49 Visits)
Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (42 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (34 Visits)
Virusi in clipuri video [how to] in (32 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (29 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (24 Visits)
Yahoo! redirects - a big issue (with video) in (14 Visits)
Ca musca in... in (12 Visits)
usa.kaspersky.com hacked ... full database acces , sql injection in (173 Visits)
Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (112 Visits)
Yahoo! epic fail - permanent xss unleashed in (90 Visits)
Telegraph.co.uk hacked, sql injection in (66 Visits)
RedTube.com ... The Free Sex Video Community in (59 Visits)
Kaspersky Thailand hacked by TinKode in (48 Visits)
Conquiztador Hacked Again in (48 Visits)
Telegraph.co.uk hacked - when will they learn? in (43 Visits)
Simona Sensual si profilul ei de hi5 in (40 Visits)
F-Secure.com - SQL Injection + Cross Site Scripting in (39 Visits)
Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (33 Visits)
Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (29 Visits)
Digital Photocopiers Loaded With Secrets in (26 Visits)
Hacker Uses XSS and Google Street View Data to Determine Physical Location in (16 Visits)
Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (11 Visits)
OWASP Phishing demo in (9 Visits)
Christopher "moot" Poole: The case for anonymity online in (9 Visits)
[Video] The History Of Hacking in (8 Visits)
Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (8 Visits)
Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (8 Visits)
Se poate sparge parola de Yahoo? in (344 Visits)
phpBB.ro hacked in (105 Visits)
Experiment social in (70 Visits)
Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (61 Visits)
Oare cum e pana la urma? in (57 Visits)
"Hot" de id-uri messenger in (52 Visits)
Concurs fara premii in (51 Visits)
Forumul Andreei Balan spart in (47 Visits)
Ce nu se invata la scoala – Vendetta (6) in (45 Visits)
Experiment social II - andimoisescu.ro in (44 Visits)

Loading....

Dragii nostrii Florin si Emi

Posted by 2fingers in English News

Posted on December 21st, 2008

Dupa cum am promis acum ceva timp am mai facut un mic test asupra filtrelor ce ar trebui sa previna injectarea scripturilor in site-ul http://eok.ro. Din pacate am fost dezamagit atunci cand am injectat fara probleme acest mic cod:
<object data="javascript:alert(1)" type="text/html" height="100%" width="100%"></object>
in rubrica de comentarii a unui user si desigur in spatiul dedicat embed-ului video. Deci xss permanent.

Nu vreau sa aveti impresia ca este ceva personal dar aveti datoria de a va proteja userii (care nu sunt chiar putini) de orice atac care ii poate afecta in mod direct. Chiar nu am stat sa testez fiecare loc unde se poate injecta un script asa ca va las pe voi sa le luati la mana.

P.S. – captcha de la inregistrare da rateuri grave. Am stat 5 minute sa imi accepte codul (chior nu sunt), plus ca mi s-a facut refresh la pagina de inregistrare cand imi era lumea mai draga. Cred ca putina “reglare” a scripturilor nu strica.

P.S. 2 – pup pe Cristina “Pyuric” ca este o dulceata de fata

Related Posts

March 5, 2009 -- In loc de martisor – XSS permanent in eok.ro :)
October 28, 2008 -- Vulnerabilitati eOk.ro
May 28, 2010 -- Pwning cam girls for fun
November 24, 2009 -- Rezultatele poll-ului despre Hi5
October 22, 2009 -- Another security problem in usa.kaspersky.com?

2 Responses to “Dragii nostrii Florin si Emi”

temporary Says:
December 22nd, 2008 at 1:45 am
nu ai gusturi rele cu domnisoara
Florin Grozea Says:
December 22nd, 2008 at 4:39 pm
Mi-am notat şi am trimis echipei noastre să “repare”.

Mulţumim mult de ajutor!

Leave a Reply

Subscribe to our Feed

N/A Subscribers (Feedburner)

Entries RSS

Comments RSS